Overview

overview

10

Static

static

10

36e9509c71...18.exe

windows7-x64

10

36e9509c71...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36e9509c71061cdc536160cf060815a3_JaffaCakes118.exe

  • Size

    467KB

  • MD5

    36e9509c71061cdc536160cf060815a3

  • SHA1

    0a67df211efb448f22a84bf431f85c2af18bd43c

  • SHA256

    23a17919f7f7d96ac8989bf00aec2da73b975dc08516fcdbf7a2e7b25377e792

  • SHA512

    a0ba299f00d0b447f9b118fe50ebb2bd05ccc01b09f48220d584a6aa4d934a828449b98cc84d79912b81c34b051c64118743159bed80a6883515b9ceedbaba25

  • SSDEEP

    12288:93CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6md:9x9GzHlTv/b35tecFB6k

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36e9509c71061cdc536160cf060815a3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36e9509c71061cdc536160cf060815a3_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3652
    • C:\Users\Admin\AppData\Local\Temp\sander.exe
      "C:\Users\Admin\AppData\Local\Temp\sander.exe"
      2⤵
      • Executes dropped EXE
      PID:3208
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_sannuyex.bat" "
      2⤵
        PID:2688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_sannuyex.bat
      Filesize

      305B

      MD5

      07de018c9c6f0610690f174e49e025d0

      SHA1

      e7e34705b6f86ceff3c2a92f2244359918433b9e

      SHA256

      482010916983f393636f608f92ccf8ef0f5f9e21f5271a2d3d63d2c629d34712

      SHA512

      2fca1483fc3808d1c6dcfa4955217850c4d53acd2eaca242f13d32d1efa0517dfb9a6dcee1a8e736937df066e77604d77df097d7055f531aa5d92f7589240ec7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      145cec05d8d704ff7aa3d812b1aff628

      SHA1

      097ae09965ed3804359803708b8af87b5b90fcbb

      SHA256

      66c8ae290d7cf992faf67b10d1ef8ad91857f3709f459af69b6a11f521a3aeea

      SHA512

      1037d7926aec2831c8b084cc19aa38ce91bc8dcff15af731ce0e7cea79fa7806d4d341a9535c39b0ccb8d6f19bc2badf6d20d3b4ab1c931cd5be6994c4323b9d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sander.exe
      Filesize

      467KB

      MD5

      69617184711852433a13aa5777d72a5b

      SHA1

      83208e822e91148d8b7e50c022466805472c0c6e

      SHA256

      ae8389f36851408dd15de901ffc212dee39b2b095887d634d0ce8cbff60c4c97

      SHA512

      9961b8a00e4f9de316c9f4e963c9dc22cda3fd16361a9d32af639fb9eab5510b4aa42566cb6057d7c8abeeb4a1595741d459567b1f30c28a3dc6471da1ab84c4

      Download Submit

    • memory/3208-10-0x0000000000DF0000-0x0000000000E72000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3208-13-0x0000000000DF0000-0x0000000000E72000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3208-19-0x0000000000DF0000-0x0000000000E72000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3208-20-0x0000000000DF0000-0x0000000000E72000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3652-0-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3652-1-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3652-16-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download